But, even after doing the necessary steps and when I tried to login to the JMX console it is not working...I am getting the below error message int he Jboss server console:

13:48:00,014 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role filesjava.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)

I did the below steps:

1. {jboss.server.home.dir}/deploy/jmx-console.war/WEB-INF/web.xml : Uncommented the block :<security-constraint> and added <login-config> block like the one below:

I know this post has been here for a while, but I do have a question about it since I recently started using Jboss 5 and noticed that the http://localhost:8080/jmx-console page is opened to everyone.

I followed all of your steps and am able to get the login screen. Once I input the user name & password I configured on the jmx-console-users.properties I don't get any errors on the page itself but instead it keeps redirecting me back to the login prompt even though I am typing the correct user name & password information.

When I look at the server.log on the server itself I see these error messages. What did I do wrong and can any of you help me figure this out.

I have followed the steps at http://community.jboss.org/wiki/SecureTheJmxConsole exactly but I am still not being prompted for a user name and password! Is there another configuration elsewhere in JBoss that overrides the application policy? Im using JBoss-5.1.0.GA. Thanks!

Thank you for the quick response. Yes, I have restarted the jboss service several times and have tried from a fresh install of Chrome, it always enters without prompting for credentials. I thought there may be another setting somewhere that overrides this? Note though that it does ask for the credentials when I log into the admin-console. Any ideas?

I think those configs are for the web console, the security domain there is java:/jaas/web-console. But to answer your question, yes I did! The web-console actually has the same problem as the jmx-console, it is also not showing the credential dialog.